Yuu Arai

**Name of the Vulnerable Software and Affected Versions** Symantec Norton AntiVirus version 2004 **Description** The issue is related to a certain ActiveX control that allows remote attackers to cause a denial of service due to resource consumption and possibly execute arbitrary programs. **Recommendations** For Symantec Norton AntiVirus version 2004, at the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Internet Explorer 6 SP1 Description: A buffer overflow issue allows remote attackers to execute arbitrary code via the Type property of an Object tag. This issue affects certain languages that support double-byte encodings, such as Japanese. Recommendations: For Internet Explorer 6 SP1, consider disabling the Object tag or restricting its use until a patch is available. As a temporary workaround, avoid using the Type property of an Object tag to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Windows 2000 versions prior to SP4 Description: A buffer overflow issue exists in the ShellExecute API function of SHELL32.DLL, potentially allowing attackers to cause a denial of service or execute arbitrary code by providing a long third argument to the function. Recommendations: For Windows 2000 versions prior to SP4, apply Service Pack 4 to resolve the issue.